Update (June ’17): it has taken more than 1,5 years since I posted this, but the Windows 10 “Creators Update” finally contains a Connect button right in the Network Connections flyout… 🙂

Earlier I wrote about a trick to make Windows 10 connect to a VPN with a single action (double-click) instead of three or more. I recently found that this trick had a limitation: it only worked because the username and password for my VPN connection were the same as the username and password of the Windows 10 computer I was using (a local account). On another Windows 10 PC that was using a Microsoft account, it failed, telling me the username / password was not correct:

Remote Access error 691 – The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.

Because it worked on the first PC, I assumed that rasdial used the username/password I stored in the VPN configuration. It looks like it doesn’t, but uses your Windows username/password instead (need to verify this). One could discuss whether that is a bug or a feature, but in the end, the result is that it doesn’t work for me.

So I started looking for alternatives. Other tricks I found involved storing the username/password in the command file, but I did not want to do that. The solution is to not use rasdial, but its nephew rasphone.

Change the line

rasdial "My VPN connection name here"

into

rasphone -d "My VPN connection name here"

Mind the -d before the name of the connection.

It shows the familiar connecting dialog, instead of the command line window, and it just works.

All-in-all I am very happy with my upgrade from Windows 7 to 10. The procedure was smooth and almost (more on that later) everything still worked like a charm, out-of-the-box, despite having lots of not-so-obvious software on the machine. (Comes with the job as a developer, I guess.)

However, one minor thing very soon annoyed me on Win10 and that was the crappy user experience for connecting to a VPN, despite that shiny new VPN button in the new Action center (btw, action center tip: use WinKey+A), which in itself looked like a good idea.

I had the exact problem Roger describes: occasionally a disconnect of my VPN and then unable to reconnect, with error message 812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

His consideration was the same as mine: it could not be configuration, or else it would have consistently worked or not. Roger traced it to a DNS issue:

Eventually I was able to isolate the issue to a periodic problem with the RRAS server not being able to connect to the Active Directory server for account authentication. One of the reason codes occasionally generated in the security event log was:

The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.

The cause of the problem ended up being very simple: The primary DNS of the RRAS server was no longer pointing at the domain controller. Changing the primary DNS to the domain controller and setting the secondary DNS to an external server (the primary Google 8.8.8.8 DNS in this case) eliminated the issue.

Thanks to Roger for taking the time to post that, it probably saved me a couple of afternoons debugging this…
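
A quick way to check for the DNS condition described above, as an added example that is not from the original post or from Roger: for every DNS server configured on the RRAS/NPS machine, in order, ask that server for the domain controller locator record. It assumes a domain-joined server on Windows Server 2012 or later (for the DnsClient cmdlets), and it tests whether each resolver can locate a domain controller rather than whether the resolver is itself one.

```powershell
# Added example: run on the RRAS/NPS server in a PowerShell session.
# Assumption: the server is domain-joined, so Win32_ComputerSystem.Domain
# holds the Active Directory DNS domain name.
$domain  = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$srvName = "_ldap._tcp.dc._msdcs.$domain"   # SRV record registered by domain controllers

# Configured IPv4 DNS servers per interface; ServerAddresses keeps the
# configured order (first entry = primary DNS).
$adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

$report = foreach ($adapter in $adapters) {
    $position = 0
    foreach ($dns in $adapter.ServerAddresses) {
        $position++

        # Query this specific resolver only, bypassing the local cache and
        # non-DNS name resolution, and keep just the SRV answers.
        $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $dns `
                      -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'SRV' }

        [pscustomobject]@{
            Interface = $adapter.InterfaceAlias
            Order     = $position
            DnsServer = $dns
            FindsDC   = [bool]$answer
            DCs       = ($answer.NameTarget | Sort-Object -Unique) -join ', '
        }
    }
}

$report | Format-Table -AutoSize
```

A row with Order 1 and FindsDC False matches the situation in the quote: the primary DNS cannot locate a domain controller, so authentication only succeeds when the client happens to fall through to a resolver that can.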